**When testing APIs, software engineers often repeat identical values across multiple requests, but who wants to waste time typing the same values every time? **
[Insomnia](https://insomnia.rest)Insomnia's environment variables solve this problem by allowing you to define a value once as an environment variable and reference that value wherever it’s needed. Insomnia also enables you to override certain variables using sub-environments or folder environments. Standard variables are base URLs, authentication tokens and resource IDs, but you can create any variables that help you save time.
Eventually, you'll run into a request that requires some form of authentication. The issue with storing passwords in plain text is that anyone can read them.
This issue prompted the community to question how to avoid plain-text passwords in the “Manage Environments” section of Insomnia. Thanks to a combination of [community contributions](https://github.com/Kong/insomnia/issues/2593)community contributions and Insomnia features, you can easily avoid this situation through various options:
The easiest solution is to use private environments. A private environment will never be exported or synced. However, it will still be in plain text, so it doesn't completely solve the issue at hand, but I wanted to point out that it is available.
My preferred option would be using env files. An Insomnia plugin created by community member Edirin made this possible. Huge thanks to him for creating this [Insomnia Plugin – dotenv](https://insomnia.rest/plugins/insomnia-plugin-dotenv)Insomnia Plugin – dotenv that makes it tenfold easier to use env files in environments.
To use Edirin's creation:
The alternative, and perhaps easier, installation method is to visit the [plugin hub](https://insomnia.rest/plugins/insomnia-plugin-dotenv)plugin hub and click the "Install in Core" button on the top right.
After installing the dotenv plugin:
[Opender](https://github.com/develohpanda)Opender took it one step further by utilizing the [Insomnia Plugin – dotenv](https://insomnia.rest/plugins/insomnia-plugin-dotenv)Insomnia Plugin – dotenv alongside sub environments.
This is handy for collaboration. The environment variable setup is shared (in the base environment). Still, each collaborator provides the specific keys from a file on their file-system, which is never synced or exported.
The results of this collaboration to avoid plain-text passwords in Insomnia demonstrate two things:
The combination of these two created a fantastic new plugin and excellent use case. I'd like to make one last shout out to Alex for kicking it off in the following [GitHub issue](https://github.com/Kong/insomnia/issues/2593)GitHub issue. We're all a little better at protecting our plain-text passwords now, thanks to you.
You can explore the other 250+ Insomnia plugins available on the [Plugin Hub](https://insomnia.rest/plugins)Plugin Hub. There are tons of excellent open source plugins. If you can't find something you need, Insomnia has [documentation](https://support.insomnia.rest/article/26-plugins)documentation to help you create your own.
Check out our recent blog post for even more Insomnia tips: [Service Design Guidelines with OpenAPI and Kong](https://konghq.com/blog/service-design-guidelines-with-openapi-and-kong-part-i)Service Design Guidelines with OpenAPI and Kong
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to impro
[](https://konghq.com/blog/product-releases/insomnia-11)
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team
[](https://konghq.com/blog/enterprise/insomnia-vs-postman-evaluating-api-testing-tools)
Local-first: your data stays with you: Insomnia stores everything on your machine by default. No forced cloud sync, no account needed just to send a request. This is helpful if privacy or working in a regulated environment is a priority for you Fre
[](https://konghq.com/blog/engineering/migrating-collections-and-requests-from-postman-to-insomnia)
Traditional agreement processes were slow and heavily manual. Documents were often created in office tools, shared through email, printed, signed physically, and stored across multiple systems. Tracking the status of agreements required manual follo
[](https://konghq.com/blog/engineering/automating-agreement-workflows-kong-konnect-and-docusign-for-developers)
How Kong Gateway 3.14 closes the consistency gap in IAM-based authentication across AWS, Azure and GCP — and what it means for your production deployments Starting with 3.13 (which addressed Redis support) and completed in 3.14, Kong now presents
[](https://konghq.com/blog/engineering/cloud-native-authentication)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
Running Kong in front of your Solace Broker adds real benefits: Authentication & Access Control – protect your broker from unauthorized publishers. Validation & Transformation – enforce schemas, sanitize data, and map REST calls into event topics.
[](https://konghq.com/blog/engineering/smarter-event-driven-apis-kong-solace)